On 01/01/04 09:58, Dave Jones wrote: > On Thu, Jan 01, 2004 at 09:28:08AM +0800, Michael Clark wrote: > > Have you had a look at dazuko. It provides a consistent file access > > notification mechanism (and also intervention for denying access) > > across linux and freebsd. It is currently being used by various > > on-access virus scanners. It is under active development and > > supports 2.6 (and 2.4) > > Candidate for "Wackiest sys_call_table patching 2004". > In a word "ick". Code not to be read on a full stomach. Hi, I am the current maintainer of Dazuko. Could you please explain your "wackiest 2004" comment? Do you know of a better way to intercept system calls for 2.2/2.4 kernels *without* patching the kernel source? System call hooking is all-around ugly, but unfortunately most operating systems don't provide a real mechanism for file access control. With the 2.6 kernel, Dazuko uses LSM. This is much more elegant and much safer. Yes, users have to turn LSM on, but this does not require kernel patches (and many distributions are turning this feature on by default). I would appreciate any feedback you may have about how it could be improved. Keep in mind, I refuse to do anything that requires kernel source patching. John Ogness -- Dazuko Maintainer - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo _at_ vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Follow-Ups:
- Re: File change notificationChristoph Hellwig
- Prev by Date: Re: FATAL: Kernel too old
- Next by Date: Re: PATCH - raise max_anon limit
- Previous by thread: Re: File change notification
- Next by thread: Re: File change notification
- Indexes:[Main][Thread]